Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    46fc9c3f0b2cb404b5d2f55e76886763_JaffaCakes118

  • Size

    215KB

  • Sample

    240714-w136yavbrh

  • MD5

    46fc9c3f0b2cb404b5d2f55e76886763

  • SHA1

    55dad8f50b2b17271623bb3f3923c1e963a26d91

  • SHA256

    5c05c7b7bace103ed8af779d5f383ca53eb5ce84fa9430ed2c95b8050915c23d

  • SHA512

    2a116940b6882654ac5d2c33e0a00078a96673c7b53883f1e9887835153ad11e28439d27ac535a3fb9ab2e395c7ada081744e2455601b47c1164a72395906d12

  • SSDEEP

    3072:FzAKb/OW+OTwgkNZ0UMKRovRrHTyxL/zZy9TNz+E4Gm4Rq13bnPoMbLwAyS8c/je:Fv/OW+OT6f+rHTyxJFE4GmJ/D+Oqz0Cz

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      46fc9c3f0b2cb404b5d2f55e76886763_JaffaCakes118

    • Size

      215KB

    • MD5

      46fc9c3f0b2cb404b5d2f55e76886763

    • SHA1

      55dad8f50b2b17271623bb3f3923c1e963a26d91

    • SHA256

      5c05c7b7bace103ed8af779d5f383ca53eb5ce84fa9430ed2c95b8050915c23d

    • SHA512

      2a116940b6882654ac5d2c33e0a00078a96673c7b53883f1e9887835153ad11e28439d27ac535a3fb9ab2e395c7ada081744e2455601b47c1164a72395906d12

    • SSDEEP

      3072:FzAKb/OW+OTwgkNZ0UMKRovRrHTyxL/zZy9TNz+E4Gm4Rq13bnPoMbLwAyS8c/je:Fv/OW+OT6f+rHTyxJFE4GmJ/D+Oqz0Cz

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • Deletes itself

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks